Xen · Xen · CVE-2020-28368
**Name of the Vulnerable Software and Affected Versions**
Xen versions through 4.14.x
**Description**
The issue allows guest OS administrators to obtain sensitive information, such as AES keys from outside the guest, via a side-channel attack on a power/energy monitoring interface, also known as a "Platypus" attack.
**Recommendations**
To resolve the issue, change the access control for each power/energy monitoring interface in Xen.